Tuesday, 22 August 2017

Warning, this site is not secure!

What will a visitor do when he reads 'Warning, this site is not secure' while searching on his favourite website? If he has to type in his personal data he will probably refrain from doing so. Not secure means that scary people can start doing scary stuff with your data. Said warning will be a reality as of october this year. Google tightens noose on HTTP: Chrome to stick 'Not secure' on pages with search fields.

October will mark stage two of Google's plan to label all HTTP pages as 'Not secure' in Chrome.

Release of Chrome 56In January, Google started to label some pages in HTTP as non-secure with the release of Chrome 56. This phase affected pages that transmit sensitive information such as login and payment-card data on the web.HTTPSThe not-secure label indicated that data is being exchanged on an unencrypted connection. HTTPS, the secure version of HTTP, offers better protection against someone on the same network viewing or modifying the traffic, in what is known as a man-in-the-middle attack.

HTTP = insecureBeginning in October, Chrome will label HTTP pages as insecure if users can input any data. Google highlights this will apply to any page with a search box.

Miss Helena Schechter..."Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the 'Not secure' warning when users type data into HTTP sites," said Emily Schechter, a Chrome Security Team product manager.

Obligatory SSL/TLS certificatesThe expanded warnings for HTTP pagesare likely to add pressure on site owners to acquire the necessary SSL/TLS certificates and setup HTTPS on their web servers. Also, warnings for any user-input field cast a wider net than login and payment pages, given the frequency of pages with a search box.